Young Researchers' Day @ ICT Security Conference 2024 – Recap

A group of dedicated young researchers presented their work at the 20th ICT Security Conference on 17 and 18 September 2024, which was organized by the Austrian Armed Forces.

Group photo of young researchers, behind their posters

They impressed the audience with their research work as part of their final theses. The OCG IT Security Working Group, headed by Ingrid Schaumüller-Bichl and Edgar Weippl, organized the presentations of the young researchers in cooperation with us again this year. The YRD successfully demonstrates the continuous efforts to ensure security in all areas.

1st Conference Day

Attack and defense in the cloud: development of the “PurpleCloud” training platform

Fabio Birnegger, Sebastian Chmel (FH Campus Wien)

PurpleCloud is a gamified Cloud Security learning platform in Microsoft Azure, developed as part of the master’s theses by Fabio Birnegger (TÜV Austria) and Sebastian Chmel (Accenture) at FH Campus Wien. The platform explores both the Red Team (attack) and Blue Team (defense) perspectives in the cloud. The presentation will showcase one of the four scenarios developed for the training platform, examining it from both perspectives. The goal is to raise awareness of common Cloud Security threats and address the lack of Cloud Security training opportunities by enabling anyone interested to set up their own “Vulnerable Cloud” based on the PurpleCloud project and tackle various challenges.

Use of AI for automated identification and assessment of cyber security threats

Patrick Sommer (FH Hagenberg)

Companies today face the challenge of managing the vast amount of daily information, especially when it comes to identifying security vulnerabilities. This information overload makes it difficult to identify and assess threats in a timely manner. To address this issue, the RiskAlert team has developed an AI-based system that automatically analyzes security alerts and detects relevant threats. Thanks to its modular architecture, RiskAlert can be flexibly adapted to different business requirements, with all data processing taking place locally to ensure data privacy. Initial tests have shown impressive results, and there is already significant interest from the business sector.

Cyber-Range 2.0: How AI is revolutionizing the future of cybersecurity training

Timea Pahi (FH St. Pölten)

In this talk, we highlight how Artificial Intelligence is transforming the way cybersecurity training is delivered. We will show how AI-powered simulations make it possible to create realistic and dynamic attack scenarios tailored to specific infrastructures and threats. By automating complex processes, from infrastructure generation to user activity simulation, the Cyber Range 2.0 provides an innovative platform that is invaluable for both corporate and educational institutions.

Cybersecurity in the digital age of the construction industry: An integrated framework for assessing threats, selecting protective measures and implementing a risk management strategy

Elisabeth Gütl (TU Graz – Institute for Construction Management and Economics)

The increasing digitalization of the construction industry, summarized under the umbrella term “Construction 4.0”, brings with it new opportunities and risks. New vulnerabilities are emerging due to the increasing networking of construction site participants and more gateways for cyberattacks are being created. This dissertation focuses on emerging cyber risks and corresponding measures in the construction project phases on increasingly digitalized construction sites.

Incidental Data Exposure: Privacy-Compromising Data Incidentally Shared on Social Media

Patrick A.J. Deininger (FH Joanneum and TU Graz)

Sharing information with the public has become easier than ever through the use of numerous social media platforms available today. Once posted online and made publicly accessible, information is nearly impossible to retract or delete. Alarmingly, posts may contain not only the intended information but also sensitive details that go far beyond what was intended. This means that, in some cases, different posts—which may seem harmless at first glance—can be combined to reveal sensitive information, a phenomenon known as “Incidental Data Exposure.” To enhance our understanding of awareness regarding incidental data, we conducted a survey in which we asked 192 students for their opinions on publishing selected social media posts. We found that up to 21.88% of participants would be willing to publish posts that disclose sensitive data. In contrast, however, two-thirds of the participants would consider the direct disclosure of this data as a threat to privacy. Our results indicate that efforts must be made to increase awareness about incidental data exposure on social media platforms.

2nd Conference Day

Two Years of War in Ukraine: An Analysis on Churn, Outages and Rerouting of the Internet in Kherson

Florian Holzbauer (SBA Research)

The Internet is a key infrastructure for communication, and kinetic warfare destroys national infrastructure, including the Internet. This paper investigates the impact of Russia’s full-scale invasion on the Internet in Kherson oblast, situated in the south of Ukraine. This region is of interest insofar as it was occupied by the Russian Federation in March 2022 and partly liberated again by Ukraine in November 2022. Therefore, we rely on our active measurement campaign, probing the Ukrainian address space at an interval of two hours ever since March 5th, 2023, the 10th day of the invasion, and combine it with other data sources like geolocation, Liveuamap, and BGP data. Based on our results, we conclude that IP addresses leave Kherson oblast for other parts of Ukraine, presumably to remain reachable. In Russian-occupied regions of Ukraine, regional networks are, possibly under duress, connected with Russian state-operated networks. This regains connections at the cost of increased round-trip times and, far worse, submits Ukrainian citizens to Russian censorship. At the same time, networks operated from Ukrainian-controlled territories like Kyiv experience full outages in the affected region.

Towards Flexible Cyber Range Exercises

Tobias Pfaller (AIT)

Cyber exercises provide essential training for cybersecurity professionals by simulating realistic environments, but the planning, execution, and evaluation of these exercises remain highly manual, time-consuming, and costly. This limits their widespread use for skill development. Current cyber exercise scenarios typically rely on predefined, linear injects (events) to guide the exercises. However, leveraging methods from business process management could improve efficiency and quality. This paper introduces a process-based cyber exercise lifecycle model that uses process modeling languages and automation tools to streamline exercises, making them more transparent and dynamic. A proof-of-concept implementation at a national cyber exercise demonstrated the model’s potential to enhance coordination and effectiveness while reducing the workload for organizers. (Summary of Paper Abstract)

Deep-challenge: Combating deepfakes

Iris Grze (TU Wien)

Nowadays, almost everyone has published a personal photo online. With the rise of increasingly precise and user-friendly deepfake generation tools, the risk of identity misuse is higher than ever before. Whether it’s portraying someone in a compromising situation, causing lasting damage to their reputation, or committing identity fraud, the threat posed by deepfakes is significant. To combat this threat, various methods have been developed, which can be categorized into two main types: detection methods and disruption methods. Detection methods classify media as either real or artificially generated but do not address the root cause of the problem—the creation of deepfakes. Disruption methods, on the other hand, introduce barely perceptible disturbances into images, resulting in deepfakes that are of poor quality and clearly appear fake. In my presentation, I will showcase the latest disruption methods, discuss their (in)applicability in the real world, and explain why further research in this area is urgently needed.

It is encouraging to see that with the YRD, young people are demonstrating their intense work to ensure our collective security.

We extend our heartfelt thanks to the OCG IT Security Working Group and the ICT Security Conference administration for their unwavering support of these young researchers and their contributions.

We also want to express our gratitude to all the participating universities for sending their top talents to the conference. Thanks to their support, many security experts will be able to witness firsthand the significant impact that research has on the field and how it helps to address new challenges in the IT sector.

All pictures © SBA Research.